book

Building Ethereum Dapps

by Roberto Infante

March 2019

Intermediate to advanced

504 pages

17h

English

Manning Publications

Read now

Unlock full access

1.1. What is a Dapp?1.2. Good and bad Dapps1.3. A five-minute Dapp implementationSummary
2.1. A deeper look at decentralized applications2.2. What technologies make Dapps viable?2.3. Ethereum’s history and governanceSummary
3.1. Connecting to Ethereum through the wallet3.2. Smart contracts: The brain of Dapps3.3. Connecting to Ethereum with geth3.4. Managing accounts with geth3.5. Revisiting SimpleCoin’s contractSummary
4.1. Deploying a contract onto the network4.2. Interacting with the contract4.3. Nodeless deployment through MetaMaskSummary
5.1. EVM contract languages5.2. High-level contract structure5.3. Solidity language essentials5.4. Time to improve and refactor SimpleCoinSummary
6.1. Introducing SimpleCrowdsale, a crowdsale contract6.2. Extending functionality with inheritanceSummary
7.1. Making a contract abstract7.2. Allowing multiple contract implementations with interfaces7.3. Real-world crowdsale contracts7.4. Recap of Solidity’s object-oriented features7.5. Libraries7.6. Making SimpleCoin ERC20 compliantSummary
8.1. Revisiting deployment through geth’s interactive console8.2. Interacting with SimpleCoin through geth’s console8.3. Simplifying command-based deployment with Node.js8.4. Deploying on a private network8.5. Making development more efficient by deploying on mock networks8.6. Smoother interaction with SimpleCoin through a web UISummary
9.1. The core components9.2. A bird’s-eye view of the full ecosystem9.3. Decentralized address resolution with ENS9.4. Decentralized content storage9.5. Accessing external data through oracles9.6. Dapp frameworks and IDEsSummary
10.1. Installing Mocha10.2. Setting up SimpleCoin in Mocha10.3. Writing unit tests for SimpleCoinSummary
11.1. Setting up Truffle11.2. Moving SimpleCoin under TruffleSummary
12.1. Defining the requirements of a voting Dapp12.2. The development plan12.3. Starting the Truffle project12.4. Implementing the voting contract12.5. Compiling and deploying SimpleVoting12.6. Writing unit tests12.7. Creating a web UI12.8. Food for thoughtSummary
13.1. Event logging13.2. Designing an upgradeable library13.3. Designing an upgradeable contractSummary
14.1. Understanding general security weak spots14.2. Understanding risks associated with external calls14.3. How to perform external calls more safely14.4. Avoiding known security attacks14.5. General security guidelinesSummary
15.1. Evolution of Ethereum15.2. Alternative Ethereum implementations15.3. Beyond the Ethereum blockchainSummary

Content preview from Building Ethereum Dapps

Chapter 14. Security considerations

This chapter covers

Understanding Solidity weak spots and risks associated with external calls
Performing safe external calls
Avoiding known security attacks
General security guidelines

In the previous chapter, I gave you some advice on areas you should look at before deploying your Dapp on the production network. I believe security is such an important topic that it should be presented separately, so I’ve decided to dedicate this entire chapter to it.

I’ll start by reminding you of some limitations in the Solidity language that, if you overlook them, can become security vulnerabilities. Among these limitations, I’ll particularly focus on external calls and explain various risks you ...